Lucene search
K
GiteeMost viewed

1886 matches found

Gitee
Gitee
added 2020/09/11 3:8 p.m.5 views

Exploit for CVE-2015-1538

PoC exploit for CVE-2015-1538-1, Google Stagefright ‘stsc’ MP4 Atom Integer Overflow Remote Code Execution. The target product/service is Google Stagefright, a media library for Android. The vulnerability class/vector is Integer Overflow in the libstagefright MP4 'stsc' atom handling, leading to...

10CVSS7.6AI score0.99064EPSS
Exploits6
Gitee
Gitee
added 2020/09/11 3:7 p.m.5 views

Exploit for CVE-2015-3636

PoC exploit for CVE-2015-3636 targeting 32-bit Android OS. The exploit targets the Linux kernel, specifically the getroot function, which allows for privilege escalation. The probable entry point is the poc.c file, which is compiled into an executable using the Android.mk file. The exploit uses t...

4.9CVSS7.1AI score0.02472EPSS
Exploits6
Gitee
Gitee
added 2020/09/10 11:10 p.m.5 views

ios-resources

PoC exploit for iOS device. The primary CVE ID is not explicitly mentioned, but the repository contains resources for iOS hacking, including ARMv8 instruction set documentation and assembly language crash course. The target product/service is the iOS operating system, and the vulnerability...

6.7AI score
Exploits0
Gitee
Gitee
added 2020/09/06 5:18 p.m.5 views

vulhub

It is an offensive tool for Vulnerability Research and Exploitation. The repository contains pre-built vulnerable environments based on Docker-Compose, allowing users to easily set up and test vulnerable systems without requiring extensive knowledge of Docker. The tool is designed for vulnerabili...

7.9AI score
Exploits0
Gitee
Gitee
added 2020/09/06 11:31 a.m.5 views

aMALgamous

This repository is an offensive tool for creating custom malware payloads. It is a Python-based tool that allows users to generate various types of malware payloads, including Meterpreter, Shell, and Python payloads, as well as payloads for specific platforms such as Windows and macOS. The tool i...

6.8AI score
Exploits0
Gitee
Gitee
added 2020/09/04 2:24 p.m.5 views

Exploit for Path Traversal in F5 Big-Ip_Access_Policy_Manager

CVE-2020-5902...

10CVSS7.4AI score0.99999EPSS
Exploits60
Gitee
Gitee
added 2020/09/03 10:32 a.m.5 views

Exploit for Deserialization of Untrusted Data in Oracle Access_Manager

This is a Java class file, specifically the Main class from the com.axin package. The class has a single method, main, which takes an array of String arguments. The method is not implemented, as it is empty. The class has several annotations and attributes, including: LineNumberTable: This...

9.8CVSS9.3AI score0.97116EPSS
Exploits26
Gitee
Gitee
added 2020/08/27 5:46 p.m.5 views

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Activemq

This is a collection of proof-of-concept PoC exploits and tools for various vulnerabilities. The repository contains several files, including a Gitignore file, a Python script, and a PNG image. The Python script is a tool for exploiting a vulnerability in Apache ActiveMQ, specifically the...

9.8CVSS9.2AI score0.98518EPSS
Exploits19
Gitee
Gitee
added 2020/08/26 10:6 a.m.5 views

Pocsuite

This project, Pocsuite, is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec Security Team. It comes with a powerful proof-of-concept engine and many niche features for penetration testers and security researchers. The framework...

7.2AI score
Exploits0
Gitee
Gitee
added 2020/08/22 9:52 a.m.5 views

Sitadel

This is a web application security scanner called Sitadel, which is an update for WAScan making it compatible with Python 3.4 and above. It allows for more flexibility in writing new modules and implementing new features, such as frontend framework detection, content delivery network detection, a...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/08/21 10:36 a.m.5 views

exploitdb

The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: https://github.com/offensive-security/exploitdb - Binary Exploits:...

6.7AI score
Exploits0
Gitee
Gitee
added 2020/08/14 2:14 p.m.5 views

vulhub

It is an offensive tool for web application security training. The repository contains a collection of pre-built vulnerable Docker environments, which can be used for training and testing web application security. The tool is designed to be easy to use, requiring only two simple commands to compi...

8AI score
Exploits0
Gitee
Gitee
added 2020/08/11 10:53 p.m.5 views

vulhub

This is an open-source collection of pre-built vulnerable docker environments, called Vulhub. It provides a simple way to create a vulnerable environment for testing and learning purposes. The project is maintained by phith0n and has a community of contributors and backers. The environments are...

7.2AI score
Exploits0
Gitee
Gitee
added 2020/08/11 1:8 p.m.5 views

pwntools

This is an offensive tool for exploit development and CTF Capture The Flag framework. The tool is called pwntools and is used for exploit development and CTF challenges. It provides a set of tools and libraries for exploiting vulnerabilities and solving CTF challenges. The tool is written in Pyth...

7.2AI score
Exploits0
Gitee
Gitee
added 2020/08/09 3:5 p.m.5 views

Exploit for Incorrect Default Permissions in Ui Unifi_Controller

This is a PoC exploit for CVE-2020-12695, a vulnerability in the CallStranger protocol. The exploit is implemented in Python and uses the upnpy library for UPnP communication. The script is designed to simulate data exfiltration, bypassing DLP Data Loss Prevention systems, and can also be used to...

7.8CVSS7.1AI score0.15193EPSS
Exploits3
Gitee
Gitee
added 2020/08/08 10:5 a.m.5 views

vulhub

This is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for testing and training purposes. The primary CVE ID is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose. The target product/service or...

7.8AI score
Exploits0
Gitee
Gitee
added 2020/08/06 10:18 a.m.5 views

aflnet

It is an offensive tool for Network protocols. The repository contains a greybox fuzzer for protocol implementations, named AFLNet. It takes a mutational approach and uses state-feedback, in addition to code-coverage feedback, to guide the fuzzing process. AFLNet is seeded with a corpus of record...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/07/30 3:14 p.m.5 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID present in the context is CVE-2016-9086. The target product/service or framework is GitLab. The vulnerability class/vector is not explicitly stated, but it is likely related to the mentioned CVE. The...

6.5CVSS6.6AI score0.05388EPSS
Exploits39
Gitee
Gitee
added 2020/07/28 9:52 a.m.5 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not explicitly stated, but the repository contains several vulnerable environments, including ones for CVE-2016-9086, CVE-2017-1000353, and CVE-2018-1000006. The target product/service or framework ...

9.8CVSS8.2AI score0.99686EPSS
Exploits53
Gitee
Gitee
added 2020/07/27 10:33 a.m.5 views

vulscan

This is a Python-based web application for vulnerability scanning and management. Here's a summary of the key features and functionality: Overview The application is built using Django, a Python web framework, and is designed to provide a user-friendly interface for vulnerability scanning and...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/07/23 2:51 p.m.5 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

PoC exploit for CVE-2017-11826, a Microsoft Office Word vulnerability allowing arbitrary code execution through DDE injection. The exploit targets Microsoft Office Word, specifically the vulnerability class of remote code execution RCE via DDE Dynamic Data Exchange injection. The probable entry...

9.3CVSS8.7AI score0.81627EPSS
Exploits3
Gitee
Gitee
added 2020/07/23 12:15 p.m.5 views

vulhub

It is an offensive tool for vulnerable environments. The repository contains a collection of pre-built vulnerable docker environments, including Flask SSTI, Apache Parsing Vulnerability, and more. The tool is designed to be used for testing and training purposes, allowing users to practice...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/07/18 6:53 p.m.5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but it appears to be a collection of various vulnerabilities, including but not limited to, SQL injection, cross-site scripting XSS, and server-side templa...

8AI score
Exploits0
Gitee
Gitee
added 2020/07/16 10:30 p.m.5 views

Exploit for Path Traversal in F5 Big-Ip_Access_Policy_Manager

No description...

10CVSS7.9AI score0.99999EPSS
Exploits60
Gitee
Gitee
added 2020/07/15 4:1 p.m.5 views

Exploit for Improper Resource Shutdown or Release in Microsoft

Web-Security-Note Record some common Web security sites 由于平常读过的文章以及遇到的比较好的开源项目都被渐渐遗忘了,所以利用这个项目来记录一下,以便查阅。 目录: - CTF - Online-Tools - 漏洞环境 - 信息搜集 - 工具 - 面经 - BypassWAF - WEB安全 - 漏洞挖掘 - 渗透测试 - 内网渗透 - 扫描器开发 - 开发 - 运维 CTF + CTF Time + Pwnhub + CTF论剑场 + 南京邮电大学CTF平台 + Whale CTF + JarvisOJ + Hackme CTF ...

7.2CVSS6.5AI score0.73721EPSS
Exploits18
Gitee
Gitee
added 2020/06/30 12:8 a.m.5 views

Exploit for CVE-2013-0422

K8tools 20190428 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 博客: https://www.cnblogs.com/k8gege 下载: https://github.com/k8gege/K8tools PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 综合工具 K8飞刀Final.rar + K8data.mdb K8飞刀漏洞数据库20190402 + K8expList.txt...

10CVSS9.1AI score0.99448EPSS
Exploits97
Gitee
Gitee
added 2020/06/27 12:2 a.m.5 views

Pocsuite

This repository is an offensive tool for penetration testing and vulnerability assessment. It is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec Security Team. The primary purpose of this tool is to assist penetration testers and...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/06/21 1:18 p.m.5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various types of attacks. The probable entry points are not specified, but the environments are likel...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/06/16 5:17 p.m.5 views

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for vulnerability research and testing. The target product/service or framework is not explicitly stated, but it appears to be a collection of vulnerable environments for various...

8.3AI score
Exploits0
Gitee
Gitee
added 2020/06/16 10:44 a.m.5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the project includes various vulnerable environments, such as Flask SSTI, Apache Parsing Vulnerability, and Jenkins RCE. The probable entry points are...

7.3AI score
Exploits0
Gitee
Gitee
added 2020/06/15 4:44 p.m.5 views

vasto

This is a copy of the VASTO exploit kit for virtualization platforms. The kit consists of two modules: Abiquo Guest Stealer and Abiquo Poison. Abiquo Guest Stealer is a module that exploits a path traversal vulnerability in Abiquo's REST APIs to retrieve files on the remote system under the Tomca...

6.4AI score
Exploits0
Gitee
Gitee
added 2020/06/15 9:35 a.m.5 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

This is a proof-of-concept PoC exploit for CVE-2020-0796, also known as SMBGhost. The exploit targets a remote code execution vulnerability in the Windows SMBv3 server. The PoC is written in Python and uses a shellcode written in x64 assembly language. The PoC consists of two main components: 1. ...

10CVSS9.3AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2020/06/13 9:30 a.m.5 views

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments, known as Vulhub. It is an offensive tool for testing and training purposes, specifically designed for vulnerability research and penetration testing. The target product/service or framework is various, as it...

8.1AI score
Exploits0
Gitee
Gitee
added 2020/06/07 10:12 p.m.5 views

vulhub

It is an offensive tool for web application security training. The repository contains a collection of pre-built vulnerable environments based on Docker-Compose, allowing users to easily set up and test various web application vulnerabilities. The tool is designed for security training and...

7.7AI score
Exploits0
Gitee
Gitee
added 2020/06/07 1:33 p.m.5 views

metasploit-framework

This is the Metasploit Framework repository, a widely used penetration testing tool. The framework is written in Ruby and provides a comprehensive set of modules for exploiting vulnerabilities, conducting social engineering attacks, and gathering information about targets. The repository contains...

6.7AI score
Exploits0
Gitee
Gitee
added 2020/06/05 2:28 p.m.5 views

Vxscan

This is a Python script called Vxscan, which is a comprehensive scanning tool. It is primarily used for sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning, and SQL injection. T...

7.7AI score
Exploits0
Gitee
Gitee
added 2020/06/04 11:41 a.m.5 views

vulhub

It is an offensive tool for web application security training. The target product/service or framework is a collection of vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and others. The vulnerability class/vector is various, including SQL injection, cross-site...

8AI score
Exploits0
Gitee
Gitee
added 2020/06/01 10:45 p.m.5 views

vulhub2

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the repository contains various vulnerable environments, including ones related to Flask, Apache, Nginx, and Jenkins. The probable entry points are the...

7.9AI score
Exploits0
Gitee
Gitee
added 2020/05/27 2:46 p.m.5 views

Exploit for Expression Language Injection in Sonatype Nexus

Nexus Repository Manager 3 Vuln 影响版本:= 3.21.2 CVE-2020-10199、CVE-2020-10204、CVE-2020-11444 CVE-2020-10199 远程代码命令执行 回显poc 不回显poc $\A''.getClass.forName'java.lang.Runtime'.getMethods6.invokenull.exec'touch /tmp/cve-2020-10199' 普通用户权限 /service/rest/beta/repositories/go/group 需要管理员权限 1...

9CVSS9.4AI score0.99064EPSS
Exploits12
Gitee
Gitee
added 2020/05/26 11:40 p.m.5 views

Exploit for Use After Free in Microsoft

This is a PoC exploit for CVE-2019-0708, a vulnerability in Microsoft Remote Desktop. The tool, named rdpscan, is designed to scan networks for vulnerable machines. It is based on the rdesktop patch from https://github.com/zerosum0x0/CVE-2019-0708. The tool can be compiled on Windows, macOS, and...

10CVSS7.7AI score0.99999EPSS
Exploits123
Gitee
Gitee
added 2020/05/20 7:43 p.m.5 views

penetration

This repository contains a collection of penetration testing files, primarily targeting various Content Management Systems CMS and web applications. The files are organized by the CMS or application they target, with each folder containing multiple files related to specific vulnerabilities or...

8.4AI score
Exploits0
Gitee
Gitee
added 2020/05/19 4:6 p.m.5 views

Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server

CVE-2018-2628 CVE-2018-2628漏洞工具包 根据Github上整理出的漏洞利用工具包含: 1.CVE-2018-2628漏洞检测工具 //漏洞存在检测的POC 2.weblogicpoc.py //漏洞利用的POC 3.ysoserial-0.1-cve-2018-2628-all.jar //借鉴的漏洞利用工具https://github.com/tdy218/ysoserial-cve-2018-2628/releases 具体的漏洞复现过程请移步简书:https://www.jianshu.com/p/6649118ba7b6...

9.8CVSS8.9AI score0.99448EPSS
Exploits69
Gitee
Gitee
added 2020/05/19 9:53 a.m.5 views

Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server

WebLogic Wls-wsat XMLDecoder 漏洞描述 mitre:https://vulners.com/cve/CVE-2017-3506 早期,黑客利用WebLogic WLS 组件漏洞对企业服务器发起大范围远程攻击,有大量企业的服务器被攻陷,且被攻击企业数量呈现明显上升趋势,需要引起高度重视。其中,CVE-2017-3506是一个利用Oracle WebLogic中WLS 组件的远程代码执行漏洞,属于没有公开细节的野外利用漏洞,大量企业尚未及时安装补丁。官方在 2017 年 4 月份就发布了该漏洞的补丁。 CVE-2017-3506补丁说明: public...

7.5CVSS7.2AI score0.99993EPSS
Exploits46
Gitee
Gitee
added 2020/05/11 9:0 p.m.5 views

Exploit for Observable Discrepancy in Linux Linux_Kernel

This is an offensive tool for fuzzing. It is a PoC exploit for CVE-2021-34556, but the primary focus is on fuzzing and testing the robustness of software. The tool is called AFLplusplus, which is an enhanced version of the original AFL American Fuzzy Lop tool. The target of the tool is not...

5.5CVSS7.1AI score0.00419EPSS
Exploits2
Gitee
Gitee
added 2020/05/06 11:13 p.m.5 views

exploitdb

The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: https://github.com/offensive-security/exploitdb - Binary Exploits:...

6.8AI score
Exploits0
Gitee
Gitee
added 2020/05/06 3:20 p.m.5 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2020-0796 Windows SMBv3 LPE Exploit Authors Daniel García Gutiérrez @danigargu Manuel Blanco Parajón @dialluvioso References https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796 https://www.synacktiv.com/posts/exploit/im-smbghost-daba-dee-daba-da.html...

10CVSS7.1AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2020/04/18 8:3 a.m.5 views

Exploit for Path Traversal in Pivotal_Software Spring_Framework

Web-Security-Learning 项目地址: https://github.com/CHYbeta/Web-Security-Learning 最近更新日期为:2018/10/31。 同步更新于: chybeta: Web-Security-Learning 目录: - Web-Security-Learning - Web Security - sql注入 - MySql - MSSQL - PostgreSQL - MongoDB - 技巧 - 工具 - XSS - CSRF - 其他前端安全 - SSRF - XXE - JSONP注入 - SSTI - 代码执行 /...

7.5CVSS8.2AI score0.16437EPSS
Exploits5
Gitee
Gitee
added 2020/04/15 4:24 p.m.5 views

awesome-jenkins-rce-2019

No description...

7AI score
Exploits0
Gitee
Gitee
added 2020/04/01 5:13 p.m.5 views

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for web application security testing. The primary vulnerability class/vector targeted by this repository is Server-Side Template Injection SSTI, specifically in Flask applications. Th...

7.8AI score
Exploits0
Gitee
Gitee
added 2020/04/01 2:5 p.m.5 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2020-0796 Windows SMBv3 LPE Exploit Authors Daniel García Gutiérrez @danigargu Manuel Blanco Parajón @dialluvioso References https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796 https://www.synacktiv.com/posts/exploit/im-smbghost-daba-dee-daba-da.html...

10CVSS7.1AI score0.9981EPSS
Exploits125
Total number of security vulnerabilities1886